By Laton McCartney
The so-called Governance, Risk and Compliance market "is hard to size," says Michael Rasmussen, president of Corporate Integrity, a market research and advisory firm. That's because it encompasses everything from SOX compliance, enterprise risk management, environmental regulations, audit management, IT governance, operational risk management for business processes, market risk, credit and at least a dozen other categories.
"You could even add IT security and physical security into that mix," Rasmussen adds, noting that today corporations spend about $40 billion for the former and more than three times that for the latter.
Even without including the security categories, however, Governance, Risk and Compliance (GRC) is a market that's growing exponentially and is already generating some eye-popping numbers. AMR Research, for instance, projects companies will spend in excess of $35 billion on GRC solutions and services in 2008, a 7% increase over 2007.
Rasmussen puts the figure as high as $52.1 billion in 2008—$10 billion in software and the remainder in GRC professional services and GRC content/information providers.
The GRC market jump-started with the passage of Sarbanes-Oxley (SOX) and in particular the need to deal with Section 404 of SOX—the requirement for companies to check the effectiveness of internal controls and procedures for financial reporting. It went into high gear—at least the risk portion of it—in the wake of the mortgage crisis, which exposed the failure of many existing risk management systems in the financial sector. Now, in anticipation of new fiscal regulations that are likely to result from the almost unimaginable mortgage and banking failures plus other factors such as the growth of corporate social responsibility and what Rasmussen terms "an increasing risk profile in a distributed world," the GRC business will continue to boom.
AMR, in fact, pegs 2009 growth at 7% as companies shift their focus from compliance to better operational and financial risk management.
To date, most of the GRC vendors have come out with solutions aimed at specific segments of the overall GRC market such as financial controls, IT governance, policy enforcement and data privacy. More recently, some of the major players in the market have been rolling out GRC platforms or, as Rasmussen defines them, GRC infrastructures, that can host all kinds of targeted GRC applications while eliminating the more targeted approach to GRC that is prevalent today.
These platforms allow companies to collaborate across GRC silos, provide them with an enterprise view of risk and compliance, and enable the various factions involved with GRC (finance, audit, IT) to work together.
Who's offering such products?
Here's a list of the vendors that are currently providing enterprise GRC platforms.